ISO 27701 arrives to guide privacy pros through the complexity of privacy implementation and Privacy by Design.<\/p>\n\n\n\n
Within the press release and introduction released last month announcing the world\u2019s first international standard for information privacy management, the International Standards Organization (ISO) noted that: Privacy has become a \u201csignificant business concern\u201d Cybersecurity is \u201ca growing concern\u201d Costs of data breaches are rising Legal obligations are \u201cincreasingly stringent\u201d Protection of privacy is a \u201csocietal need\u201d The quantity and types of PII are increasing\u2026 \u2026as are the variety of circumstances where organizations need to co-operate with one another to process it And finally, many organizations are simply not ready and need guidance<\/p>\n\n\n\n
Quite a backdrop for a new, and clearly essential, \u2018Privacy Information Management System\u2019 (PIMS)!<\/p>\n\n\n\n
So what do you need to know about it?<\/p>\n\n\n\n
Most importantly, it supplements ISO 27001, the widely-adopted Information Security Management Standard. According to the ISO website, 27001 \u201cis a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.\u201d<\/p>\n\n\n\n
This is absolutely the right way to think of any PIMS \u2013 as an extension to the well-understood and widely-applied practical thinking of an ISMS. The symbiotic link between data security and data privacy is well-documented and obvious. Take the GDPR for example, and how many references there are within it to \u201ctechnical and organisational measures.\u201d<\/p>\n\n\n\n
But still, making this theoretical link a reality \u2013 and going a long way towards achieving Privacy by Design in the process \u2013 remains complex. Not least because of the lack of a common language between Privacy pros and their IT and Security peers, as our Privacy Rosetta Stone project revealed.<\/p>\n\n\n\n
Achieving Privacy by Design should be any data-centric business\u2019 goal, and for that, Privacy and IT & Security need to collaborate effectively. This requires clear and transparent communication, which is notoriously somewhat less than common between the two departments.<\/p>\n\n\n\n
But if these two departments cannot communicate between each other clearly, then there is zero chance of the importance, requirements and urgency of privacy being communicated across the wider organization.<\/p>\n\n\n\n
Thankfully, ISO 27701 helps bring the two parties together. It creates a common goal for data protection, using language that IT & Security will understand (it is based on \u201ctheir\u201d 27001 after all), while enforcing the practices that Privacy demands.<\/p>\n\n\n\n
It does not totally fix the communication issue that is endemic between the two departments, but then it never intended to. It does however put Privacy into a practical IT & Security context. It outlines practical steps, measures and requirements that stop IT & Security thinking that privacy is not their territory, or worse, solved simply by securing the network.<\/p>\n\n\n\n
In essence, implementing ISO 27701 cuts to the chase. It helps you bypass the noise, frustration, misunderstanding and delay of typical Privacy-Security initiatives and help you take meaningful steps faster towards a privacy-centric culture.<\/p>\n\n\n\n
It can\u2019t solve the problem entirely. Privacy and IT & Security still both need to work harder to improve the transparency and frequency of their communication, especially in more complex or innovative projects. But ISO 27701 lays strong foundations for effective collaboration and ongoing regulatory adherence.<\/p>\n","protected":false},"excerpt":{"rendered":"
ISO 27701 arrives to guide privacy pros through the complexity of privacy implementation and Privacy by Design<\/p>\n","protected":false},"author":33,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"post_format_type":[40],"class_list":["post-1809","post","type-post","status-publish","format-standard","hentry","category-blog"],"acf":[],"yoast_head":"\n